Very Computer

But why care, you could run his script via ssh anyway, just make use
of "public.key authorization" and you should be able to run a
command without having to enter username/password.

putty is one of the free ssh-clients available for wintendo. google will
show you a ftp-server.

--
Peter H?kanson        
        IPSec  Sverige      (At the Riverside of Gothenburg, home of Volvo)
           Sorry about my e-mail address, but i'm trying to keep spam out.
           Remove "icke-reklam" and it works.

If it's on an NFS server and you have root access on an NFS client he
exports to, you could su to his userid and read it.  Or you could patch the
NFS client so it doesn't perform access checks before sending the read
request to the server; NFS servers have to allow someone to read a file if
they have execute permission, because there's no way for the server to know
whether the page is being read for the purpose of viewing or executing, so
the server depends on the client making this distinction.

Quote:>                          This is a UnixWare7 server. Any help
>appreciated. Since it's ego and not practicality that drives him to
>keep this secret, I'd like to get at it despite his efforts and knock
>him down a notch. TIA!

--

Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

Quote:>>                              This is a UnixWare7 server. Any help
>>appreciated. Since it's ego and not practicality that drives him to
>>keep this secret, I'd like to get at it despite his efforts and knock
>>him down a notch. TIA!

>This seems extremely presumptuous of you.  If someone wishes to keep
>something a secret, why can't you respect his wishes.  He may be
>egotistical, but you're rude.

You basically asked how to break security in a forum devoted to discussing
improving security.  Did you really expect to get by unscathed?  If you
want the kind of answers you're looking for, you should post in a cracker's
group rather than a security group.  You'll find plenty of people who think
like you and they'll be happy to help you.

--

Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

"Since it's ego and not practicality that drives him to
keep this secret, I'd like to get at it despite his efforts and knock
him down a notch. TIA!"

The question might be technical but you made it an ethic issue by stating
this yourself.
Why don't you just write your own script? If that's all you need in a
complex program why not write it yourself, with the help of news group
communities which are often more than willing to help solving problems the
legal way...

/svek

You are engaging in imm*and anitsocial behavior and you are too
ignorant and/or lazy and/or stupid to do your own research so you
posted to a public forum and then complain about people pointing out
your lack of ethical/m*behavior.

One last thing this is an unmoderated news group we can discuss what
ever we want.  And in my oppinion ethics does apply to security.  

marc

        As to why I don't just do it myself, his department wrote the
part of our software that interprets the files after they have been
run through the script, so only they know what the finished product
should be in order to be valid input for the software which will
ultimately use it. The handful of parses, appendices, and conversions
he did in his script (which I saw freely until I mentioned I was going
to build them into my Windows program) would be simple to implement --
I need to know what to parse out and what to append, though, and only
he knows that. This is not some elaborate piece of code he spent days
working on. He knew to remove a few chunks here and there, add a line
or two here, and write the file out. He knew this because he has the
blueprint for the finished product. This is a situation where ego is
getting in the way of productivity, and while I'm not going to make a
case of it and tell management he's interfering with my ability to do
my job (whistle-blowing is not in my nature), I *do* think I'm well
within my rights to try and circumvent his ego.

        I had no idea asking a simple question was going to get me
attacked. I felt no cumpulsion to explain why my actions are right
because I harbored no unconscious belief that they are wrong.
Apparently, though, the respondents feel differently.

Quote:>If I had responded only with my opinion about you, your complaint would be
>justified.  But I also posted useful technical information.  There's no
>such thing as a free lunch -- if I volunteer advice, I think I have the
>right to append some commentary about how it should be used if I think it's
>appropriate.  As system administrators and security experts we're often
>required to consider the ethical consequences of our actions.

Quote:>You basically asked how to break security in a forum devoted to discussing
>improving security.  Did you really expect to get by unscathed?  If you
>want the kind of answers you're looking for, you should post in a cracker's
>group rather than a security group.  You'll find plenty of people who think
>like you and they'll be happy to help you.

        In any case, it's clear that I am not welcome, and rather than
trying to show why I should be I'll just bow out...

This is a situation where ego is

Quote:> getting in the way of productivity, and while I'm not going to make a
> case of it and tell management he's interfering with my ability to do
> my job (whistle-blowing is not in my nature), I *do* think I'm well
> within my rights to try and circumvent his ego.

/svek

Quote:>Actually it is an ethical question, first do you know or just beleive
>it is ok for you to read it?  Another thing is even if it is
>harmless the owner wants to keep it private and he is intitled to do
>so.  But you want to embaris him so its ok.  

>You are engaging in imm*and anitsocial behavior and you are too
>ignorant and/or lazy and/or stupid to do your own research so you
>posted to a public forum and then complain about people pointing out
>your lack of ethical/m*behavior.

>One last thing this is an unmoderated news group we can discuss what
>ever we want.  And in my oppinion ethics does apply to security.  

/svek

Quote:>Why not duing this by trying to reason with him?

Quote:>If that doesn't work then I assume you could always use a sniffer to capture
>the traffic between the client and the server and from there figuring out
>what the script is doing, otherwise you could bruteforce his account
>password.

        I appreciate the advice. Thanks.

marc